At present, the realm of banking services has expanded significantly. The user (bank customer) is presented with new possibilities for interacting with the bank and new methods of payment and transfer of funds. A multitude of payment systems, plastic cards, and banking services (bank services are often called remote banking services) allow the user to perform various transactions by means of computing devices. Online and mobile banking are making it possible to carry out monetary transactions without the use of a plastic card or bank account details.
Moreover, various mechanisms exist for protecting the user's resources against access by third parties. When the user is working with online banking, a method such as two-factor authentication is often used. After entering the authentication data (such as a login and password, which might become accessible to third parties) in the browser at the bank site, the bank sends the user on their mobile telephone a message containing, for example, an additional verification code, which needs to be entered in a special field.
However, it should be noted that there are many attacks which employ vulnerable aspects in the interaction of the user with banking services, which are carried out by hackers in order to gain access to the user's funds. Such attacks are often called fraud. Thus, for example, with the aid of phishing sites it is possible to obtain the login and password for access to online banking. Malicious software for mobile devices allows hackers to conduct transactions with confirmation of which the user is unaware.
Systems and methods are known which use a so-called fingerprint of the user's device for protecting the user from fraudulent activity. The user in the general case uses the same devices, each device containing a particular set of software and attributes which are known to the bank. If the software set is changed on the device, or if the device itself is changed, there is a high probability that fraudulent activity is occurring. When fraudulent activity is carried out on a device, that device is then considered to be dangerous.
However, identical devices in different regions employ a different set of programs, firmware, and browsers for access to online banking. The known systems and methods of comparing fingerprints of devices only identify a certain number of dangerous devices, but are not able to identify potentially dangerous devices in dependence on different characteristics (such as the region of use of the device or the regional firmware of the device), nor are they able to identify devices if the fingerprint of such a device is not yet known (for example, a new device in the manufacturer's product line) and they do not make use of the expertise of firms engaging in the development of programs to ensure security (such as antivirus software).